1. Technical Field
The present disclosure relates to authentication systems and more specifically to credential collection in an authentication server employing diverse authentication schemes.
2. Related Art
Authentication refers to confirming whether a user is who s/he purports to be. In computing systems, authentication is used as a basis for granting access to various resources, as is well known in the relevant arts. Authentication servers are often used for authenticating users, prior to providing access to resources, as is also well known in the relevant arts.
Credentials are often used for authentication of users. Credentials refer to various inputs from/of (specific to) the user, which are processed for authenticating users. Examples of credentials include user identifier (e.g., login name, email identifier), password, image (of face, thumb-print, etc.), voice, content of an electronic file (e.g., representing a digital certificate), etc. An authentication server may collect the desired credentials, as suited for corresponding situations, from a user and authenticate the user based on the received credentials.
Authentication servers are designed to operate based on various authentication schemes. Each authentication scheme generally specifies a corresponding set of credentials to be collected, and the manner (processing) in which authentication is to be performed using such collected credentials. For example, one common scheme specifies that a combination of user identifier and password is to be collected from a user, and compared with corresponding values in a non-volatile storage. The user is authenticated under the assumption that knowledge of the combination confirms the identity of the user.
Diverse authentication schemes are often employed in a single authentication server. Such a requirement is often present in complex environments for reasons such as one or more of the nature of resources accessible by users, diversity of user applications supported in the computing environment, or different levels of security desirable for different resources/users, etc.
It is generally desirable to have flexible credential collection mechanisms, for example, to simplify implementation of additional diverse authentication schemes, as may be required in the corresponding environments.
In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digit(s) in the corresponding reference number.